#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

hacking router | Breaking Cybersecurity News | The Hacker News

NetUSB Driver Flaw Exposes Millions of Routers to Hacking

NetUSB Driver Flaw Exposes Millions of Routers to Hacking

May 20, 2015
A simple but shockingly dangerous vulnerability has been uncovered in the NetUSB component, putting Millions of modern routers and other embedded devices across the globe at risk of being compromised by hackers. The security vulnerability, assigned CVE-2015-3036 , is a remotely exploitable kernel stack buffer overflow flaw resides in Taiwan-based KCodes NetUSB . NetUSB is a Linux kernel module that allows for users to flash drives, plug printers and other USB-connected devices into their routers so that they can be accessed over the local network. NetUSB component is integrated into modern routers sold by some major manufacturers including D-Link, Netgear, TP-Link, ZyXEL and TrendNet. The security flaw, reported by Stefan Viehbock of Austria-based SEC Consult Vulnerability Lab, can be triggered when a client sends the computer name to the server deployed on the networking device (TCP port 20005) in order to establish a connection. However, if a connecting comp
DDoS Botnet Leverages Thousands of Insecure SOHO Routers

DDoS Botnet Leverages Thousands of Insecure SOHO Routers

May 13, 2015
Small office and home office (SOHO) routers are an increasingly common target for cybercriminals, not because of any vulnerability, but because most routers are loosely managed and often deployed with default administrator credentials. A new report suggests that hackers are using large botnet of tens of thousands of insecure home and office-based routers to launch Distributed Denial-of-Service ( DDoS ) attacks . Security researchers from DDoS protection firm Incapsula uncovered a router-based botnet, still largely active while investigating a series of DDoS attacks against its customers that have been underway since at least last December, 2014. Over the past four months, researchers have recorded malicious traffic targeting 60 of its clients came from some 40,269 IP addresses belonging to 1,600 ISPs around the world. Almost all of the infected routers that were part of the botnet appear to be ARM-based models from a California-based networking company Ubiquiti Net
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Anonymous Hackers Target Israeli Websites and Leak Credentials

Anonymous Hackers Target Israeli Websites and Leak Credentials

Apr 07, 2015
The infamous hacking group Anonymous that vowed an ' Electronic Holocaust ' against Israel and promised to 'erase Israel from cyberspace' on 7th April, managed to launch a cyber attack, beginning Tuesday morning. In a spooky video " message to Israel " posted on YouTube March 4 , Anonymous declared cyber attack against Israel on April 7 in response to what the group calls ' crimes in the Palestinian territories. ' Today we noticed a number of hacking incidents against Israeli cyberspace under #OpIsrael . Anonymous conduct #OpIsrael attack against Israel every year on 7th April and this is the fourth annual cyber attack on Israel in order to protest against Israeli bombing on the Palestinian territory. CYBER ATTACKS AGAINST ISRAEL Today, Anonymous and Pro-Palestinian hackers targeted dozens of Israeli Government websites , including the Knesset portal (parliament), as well as websites related to the Israeli court system and the
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Have a D-Link Wireless Router? You might have been Hacked

Have a D-Link Wireless Router? You might have been Hacked

Feb 03, 2015
The popular DSL wireless router model from D-Link are allegedly vulnerable to a software bug that could allow remote hackers to modify the DNS (Domain Name System) settings on affected routers and to hijack users' traffic. The main goal of DNS hijacking is to secretly redirect user's traffic from a legitimate websites to a malicious one controlled by hackers. The vulnerability might also affects other devices because it is located in the same, widely-used wireless router firmware used by different manufacturers. Bulgarian security researcher Todor Donev discovered the flaw which exists in a widely deployed ZynOS firmware from ZyXEL Communications Corporation, that is used in network hardware from TP-Link Technologies, ZTE and D-Link. According to the security researcher, D-Link's popular DSL2740R wireless router and a number of other D-Link routers, particularly the DLS-320B, are vulnerable. Late last year, similar router vulnerability was discovered in the
Router Vulnerability Puts 12 Million Home and Business Routers at Risk

Router Vulnerability Puts 12 Million Home and Business Routers at Risk

Dec 19, 2014
More than 12 million routers in homes and businesses around the world are vulnerable to a critical software bug that can be exploited by hackers to remotely monitor users' traffic and take administrative control over the devices, from a variety of different manufacturers. The critical vulnerability actually resides in web server " RomPager " made by a company known as AllegroSoft , which is typically embedded into the firmware of router , modems and other " gateway devices " from about every leading manufacturer. The HTTP server provides the web-based user-friendly interface for configuring the products. Researchers at the security software company Check Point have discovered that the RomPager versions prior to 4.34 — software more than 10 years old — are vulnerable to a critical bug, dubbed as Misfortune Cookie . The flaw named as Misfortune Cookie because it allows attackers to control the "fortune" of an HTTP request by manipulating cook
81% of Tor Users Can be Easily Unmasked By Analysing Router Information

81% of Tor Users Can be Easily Unmasked By Analysing Router Information

Nov 18, 2014
Tor has always been a tough target for law enforcement for years and FBI has spent millions of dollars to de-anonymize the identity of Tor users, but a latest research suggests that more than 81% of Tor clients can be "de-anonymised" by exploiting the traffic analysis software 'Netflow' technology that Cisco has built into its router protocols. NetFlow is a network protocol designed to collect and monitor network traffic. It exchanged data in network flows, which can correspond to TCP connections or other IP packets sharing common characteristics, such UDP packets sharing source and destination IP addresses, port numbers, and other information. The research was conducted for six years by professor Sambuddho Chakravarty , a former researcher at Columbia University's Network Security Lab and now researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology in Delhi. Chakravarty used a technique, in order to determine the Tor
New BlackEnergy Crimeware Enhanced to Target Linux Systems and Cisco Routers

New BlackEnergy Crimeware Enhanced to Target Linux Systems and Cisco Routers

Nov 05, 2014
Security researchers at Kaspersky Lab have unearthed new capabilities in the BlackEnergy Crimeware weapon that has now ability to hacking  routers , Linux systems and Windows, targeting industry through Cisco network devices. The antivirus vendor's Global Research & Analysis Team released a report Monday detailing some of the new " relatively unknown " custom plug-in capabilities that the cyber espionage group has developed for BlackEnergy to attack Cisco networking devices and target ARM and MIPS platforms. The malware was upgraded with custom plugins including Ciscoapi.tcl which targets The Borg's kit, and According to researchers, the upgraded version contained various wrappers over Cisco EXEC-commands and " a punchy message for Kaspersky , " which reads, " F*uck U, Kaspersky!!! U never get a fresh B1ack En3rgy. So, thanks C1sco 1td for built-in backd00rs & 0-days. " BlackEnergy malware program was originally created and used by cy
Reflection DDoS Attacks Using Millions of UPnP Devices on the Rise

Reflection DDoS Attacks Using Millions of UPnP Devices on the Rise

Oct 17, 2014
After successful in launching reflection and amplification Distributed Denial-of-Service (DDoS) attacks by abusing various protocols such as DNS, NTP and SMTP, hackers are now abusing Simple Service Discovery Protocol (SSDP) – part of the UPnP protocol standard – to target home and office devices, researchers warned. SSDP is a network protocol based on the Internet Protocol Suite that comes enabled on millions of networked devices, such as computers, printers, Internet gateways, Router / Wi-Fi access points, mobile devices, webcams, smart TVs and gaming consoles, to discover each other and automatically establish working configurations that enable data sharing, media streaming, media playback control and other services. FLAW IN UPnP USED IN AMPLIFICATION DDoS ATTACK Prolexic Security Engineering & Response Team (PLXsert) at Akamai Technologies have issued a warning that the devices use in residential or small office environments are being co-opted into reflection
HardCoded Backdoor Found in China-made Netis, Netcore Routers

HardCoded Backdoor Found in China-made Netis, Netcore Routers

Aug 27, 2014
Routers manufactured and sold by Chinese security vendor have a hard-coded password that leaves users with a wide-open backdoor that could easily be exploited by attackers to monitor the Internet traffic. The routers are sold under the brand name Netcore in China, and Netis in other parts of the world , including South Korea, Taiwan, Israel and United States. According to Trend Micro , the backdoor — a semi-secret way to access the device — allows cybercriminals the possibility to bypass device security and to easily run malicious code on routers and change settings. Netis routers are known for providing the best wireless transfer speed up to 300Mbps, offering a better performance on online gaming, video streaming, and VoIP phone calling. The Netcore and Netis routers have an open UDP port listening at port 53413 , which can be accessed from the Internet side of the router . The password needed to open up this backdoor is hardcoded into the router's firmware.
Desktop Viruses Coming to Your TV and Connected Home Appliances

Desktop Viruses Coming to Your TV and Connected Home Appliances

Apr 23, 2014
Smart Devices are growing at an exponential rate and so are the threats to them. After your Computers, Servers, Routers , Mobiles and Tablets, now hackers are targeting your Smart TVs, warns Eugene Kaspersky the co-founder and chief executive of Kaspersky Lab. As the increase in the manufactures of Smart TVs by different companies, it could be estimated that by 2016, over 100 million TVs are expected to be connected to the Internet and in the time it may rise as a profitable fruit for the malware authors and cyber criminals to exploit these devices. The 48 year-old Eugene Kaspersky , one of the world's top technology security experts, has thrown light on the future of Computer Security and warned that  Internet of Things (IoT) such as TVs, Refrigerators, Microwave or dishwashers will necessarily bring undesirable cyber threats to your home environment, because any device connected to the Internet is vulnerable and can be infected. " The threats will dive
Routers TCP 32764 Backdoor Vulnerability Secretly Re-Activated Again

Routers TCP 32764 Backdoor Vulnerability Secretly Re-Activated Again

Apr 20, 2014
At the beginning of this year, we reported about the secret backdoor 'TCP 32764' discovered in several routers including, Linksys, Netgear, Cisco and Diamond that allowed an attacker to send commands to the vulnerable routers at TCP port 32764 from a command-line shell without being authenticated as the administrator. The Reverse-engineer from France Eloi Vanderbeken , who discovered this backdoor has found that although the flaw has been patched in the latest firmware release, but SerComm has added the same backdoor again in another way. To verify the released patch, recently he downloaded the patched firmware version 1.1.0.55 of Netgear DGN1000 and unpacked it using binwalk tool. He found that the file 'scfgmgr' which contains the backdoor is still present there with a new option " -l ", that limits it only for a local socket interprocess communication (Unix domain socket), or only for the processes running on the same device. On further investigation via reverse en
Millions of Vulnerable Routers aiding Massive DNS Amplification DDoS Attacks

Millions of Vulnerable Routers aiding Massive DNS Amplification DDoS Attacks

Apr 03, 2014
The Distributed Denial of Service (DDoS) attack is becoming more sophisticated and complex with the increase in the skills of attackers and so, has become one of favorite weapon for the cyber criminals to temporarily suspend or crash the services of a host connected to the Internet and till now nearly every big site had been a victim of this attack. Since 2013, Hackers have adopted new tactics to boost the sizes of Distributed Denial of Service ( DDoS ) attack known as ' Amplification Attack ', leveraging the weakness in the UDP protocols. One of the commonly used by hacker is (Domain Name System) DNS Reflection Denial of Service (DrDoS). WHAT IS DrDoS ATTACK? The DNS Reflection Denial of Service (DrDoS) technique exploits security weaknesses in the Domain Name System (DNS) Internet protocol. Using Internet protocol spoofing, the source address is set to that of the targeted victim, which means all the replies will go to the target and the target of the attack receives re
Linksys Malware 'The Moon' Spreading from Router to Router

Linksys Malware 'The Moon' Spreading from Router to Router

Feb 17, 2014
Which Wireless Router do you have at your Home or Office? If it's a Linksys Router you could be in the danger to a new malware that attacks your firmware and replicates itself. Security researcher Johannes B. Ullrich from the SANS Technology Institute has warned about a self-replicating malware which is exploiting authentication bypass and code-execution vulnerabilities in the Linksys wireless routers. The Malware named as ' THE MOON ', scans for other vulnerable devices to spread from router to router and Johannes confirmed that the malicious worm has already infected around 1,000 Linksys E1000, E1200, and E2400 routers. In order to hack the Router, malware remotely calls the Home Network Administration Protocol (HNAP), allows identification, configuration and management of networking devices. The Malware first request the model and firmware version of the router using HNAP and if the device founds vulnerable, it sends a CGI script exploit to get the local command execution
Cybersecurity Resources